#1  ƽͷѧ֮ȫ̳̣һ--ǰ  ھ

ֻһЩ˵Ҳ˵ôˣûˣ棬Ƽɡ 

ȣѩϴ󡶼ܣȫﳬֵҪ...(~~ûҪ)ȻпѩһԼҪ壬㹻·ȵȡ

⣬ҾĺбҪѧһűԼһЩWin32֪ʶ... 

* ѩ̳:
http://www.pediy.com/


κFAQ 

Q:Щ˿ѧϰƽ⣿ 
A:κλԲͬʱѧϰƽˡ˵ȫʵȲֲôҽһİ--ƽԣǺǣܼ򵥣ոשʲôģȥƽ  (ǵùصԴ) 


Q:ûʲô취ʹҿŲΪ֣ 
A:СǸMM(PPLν)ȻҸƽˣʲôҲգ۷Ÿ֮ĻɣеСŮȻͳˣǺǣʲôĻøְæɣʱ˵ԼƵľͳ  MMΪʲôΪЩִޱȣǺǣͷԾû˳࣬еҲԽǸ֣ľԽ󡣾˵һﵽCCGţǵĳSunĳʱ˵˾䡰ţôСҳ̹  (ڴ:׼üһһҪȥе)ǺǣЦʵ˵ôֻ࣬㣬ѧϰƽһ㲻ҪͼͶȡɣҪѧͽ̤ʵأ࿴̶̳දʵ۾飬ҪPOSE⡰ҲXXѧƽ𣿡ǲܣʵͬʱҲѧ֪ҪҸˣǿѩ̳ҪյģȫҪգ⻹㣬ҪΪ־ͱ뾫ͨ㲻һֱֻͣŽ׶εĻҪ͵ȡɣ˭һʼҲʲôģֻҪһЩʱһС־ôûʲôѧģ֪ʶҪ۵ģ֪ԼȴȥѧǶزҪ˼һ˲ѧƽ⣬Ǳн˷ʱ䣬벻Ҫ˷ʱˡҪտʼѧϳΪ֣ûи֣ûҪ³ԽĿֻ꣬ѧ֪ʶλ͹ˣ򲻴벻Ҫɵˡ 


Q:ѧƽ˵ʲôô 
A:ӦԼش𣬺ǺǣΪʲôҪѧʹù...ǶҲǸĿģϣ㲻ҪֻĿ(Ŀǰڹҵдչ)ֻ˵ЩֻΪһʱ嶯ѧϰƽˣ뽫ǵĳ嶯άȥҪףѧϰƽĿĲֻƽʣҲΪѧϰʱӣıˮƽŻ൱ߡѧϰ˺õ˼룬Ϊ  Ҹ˵ѧϰƽ԰ҵĻĻãǺǣԲϵͳȤʱдأԻرҪ....  


Q:ҺܱЩϺĽ̳Ҵ󶼿ףѧ 
A:ԶҪ˵㱿ֻѧı˼ѣ̫ĿͼܿĿţҲܣҪֻʱϺ㣬Ҳľһʱ⡣ 


<> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

΢е֪ʶһֻ֪ʶ01ģǻҪд򣬾Ҫ01дǺǣCoolɣйĶԳԱĳݣܾԴǸʱ  Ƿ01д̫ˬˣд֣һعͷĻӦúٿˣ֮Щԭ򣬾˻ԡ 


һЩǷ01ĶϣҲǸָĻһ̶˵ࣨһͷţ̫ˣһֻһҲ㣬ȫǣҲͬ㣬ͬдˬҺάͬ㣬ټҪдһЩĳ£߼Ծͱ˷˳ǽõBasicpascalCC++ȵȵȵȣЩԵĳ֣һʹĿѶȴˣһͷţ̫ˣϥǾдˣһֻ񣺻һѣǰûҪܳʱܿĳֻҪ̵ܶʱҺɵľͿԸ㶨ˣر꣬ӻ̵ĴռʹԱظһˤCoderĴڶˡҵľǻ࣬һҹ֮˵ͼԡԡⲻˢ񹤡ͲǮĵƦڹ¿ˮı˵ȵȵȵ  


ࣺءҲˣ 


ǻ໹ƵģΪCPUڲָһһӦһЩĳϣɻʵ֣ӲĶ˿ڡд. 


ɵĿִļЧʾ޸ߣɵĿִļСдСǺˬģǺǣûдעǼɵ£㲻ΪԭΪϤԶΪѡ˵ô࣬ɣ赹ɣ 


Ȼֻʶ01ôд洢ڼϵļҲԶƵʽŵģȻҲִļˡ 


ԣֻҪһʮƱ༭Ultra EditʲôģͿֱӴ򿪲鿴ִļˣǺǣܿĻ  ֣ᷢʱģȫЩʮֵÿ4λתΪһλʮǿִļľݣȻоͰִļĴˡһͷţаһֻ񣺱ţұ죬۶ˣ 


ǺǣʱǲǾÿЩЩǸ 


Щ飬û*зǺӦԽЩʮֵתΪӦĻ룬ĻǾͿԶԱ˵зˡνˡ 


Ǻǣһ룬ҵעĲ֣зŪļ㷽ô㲻Ͳͨķʽע𣿵ȻҲԽ˼̻ԭΪһϤıԣô򣬾ͽעĹܾǼĳһضע롣ǺǣǲǾп˵"ֹṩעƽ򣻽ֹԱз򹤳̣練ࡢ" 


ǿģϾ˼һô˼ԼϣԣҲϣΪעѵԭѧϰƽ⡣ 


ܵ˵ϱ߶Ľе̫뻯ˣᵽķνľ̬õĹW32DASMIDAHIEWȡ̬˼壬ֻͨ鿴ķзһֻ뱩ֻо̬͹ˡҪŪע㷨һ㻹Ҫж̬ģܹһִгһ߽зݣһڡƽԭ͡šϸ˵ǺǣϾڶԾеˡ 


ҷϻ˵ô࣬ʵҪԣҲҪ㾫ͨҲܿɣҪ̸ʲôȻиǶһ඼·ˣƵ˼ǣǲǲ˵Ѳ뱩һӣ 


ʵȫþ»ģȥ˵ģʵƽʱЩؼԷ࣬MFCô㶼Ķж٣ң಻ֻCrackʱãںöطҲãô޴Ҿãѻ£Ǽ岻ݴǵ: 


ֻҪѾͺˡ 


Ϊڶ޸ʱ룩 


ȸ㽲һCPUɰ: 


CPUִдڴ洢ָСΪˣҪ߼⣬ҪCPUʹ洢ԼI/O֮ݴڵCPUоƬֻͿ󲿷֡˽꣬Ϊʹ洢ٶܸõٶƥ䣬оƬ˸ٻ洢֪ΪʲôP4P4ô?һӲ˹㽲ЩʲôֲҪCPU 


㼱ʲôڻȽϡͼ ?;;ֱӲӲģΪVBأʲôʱñ־Ϳã㲻պCPUڲһЩʱô밡һҪ˵ 


˸ٻ洢֮ɣϿԷΪ3֣ 


1.߼ALUarithmetic logic unit߼㡣ⲿǵĹϵ̫ûҪ 


2.߼ͬǵĹϵ 


3.ҪġĴڼҪãÿһĴ൱еһ洢ԪĴȡٶȴ죬ȴ洢ҪܶˡżҪĻõĸϢַмȡרŵĽЩĴ 


ڽ֮ǰбҪ˵Ե֪ʶ֪ʲô32λɣ˵Ĵ32λģ~~û˵CPUУһλһλλһֽڣڴУֽΪλڴ洢ϢģÿһֽڵԪһΨһĴ洢ַΪַʱӦڴ棬ַͨ˸λܱЩʲôأԱеASCII룬Ҳ˵һڴ浥ԪԴ洢һӢַʲôģҪUnicodeʾҲ˵ڴ浥Ԫװһ֡ʮλֽⲻɣȻʮλͿ϶ʮλʮλʲôģʮλ˫֣ʮλͽ֡ʹCPUȫ32λˣõ286ĻȻȻCPUеļĴҲ32λˣҲ˵һĴװ3201вμĴ 


˵ҪյļĴʮһһܸ: 


ȣС!ԼԼһµˣǳۿˣ˵ȣͨüĴ 


һ˸ֱEAXEBXECXEDXESPEBPEDIESI 


УEAXEDXĸĴֿɳΪݼĴֱӷ⣬ɷֱʮλ͵ʮλƵ˵32λ𣿣зʡǵĵʮλǰǰ߶EȥEAXĵʮλAXǵĵʮλֿԷֱаλʣҲ˵AXٽзֽ⣬AXɷΪAH߰λALͰλĴƶϡĻͿӦһλݣô MOV AL (λ)MOV AH (λ)ҪһʮλݣMOV AX (ʮλ)ʮλĻMOV EAX (ʮλ)Ҳ˵㻹ǻ᲻ףûϵҸŻͼɣȻôƯ: 


 


                                         


                                         


     31                 16 15         8 7          0
     +--------------------+------------+------------+
     |                    |     AH     |     AL     |   8-bit halves of AX
     |                    +------------+------------+
     |                    |            AX           |   16-bit: low half of EAX
     +--------------------+-------------------------+
     |                 EAX (32-bit)                 |
     +----------------------------------------------+


                                         


                                         


 


(ҵ...ͼΪɶǲʾҶػ)  


𣿲ûйϵͰԼ٣١ 


ĸĴҪʱżõĲϢ 


ESPEBPEDIESIĸأֻʣǵҪ;ڴ洢ѰַʱṩƫƵַˣǿԳΪַָĴ˵386ԺеļĴ洢ڴַ㽲һС֪ʶƽʱǲǿ[EBX]ʽأ˵ʱEBXװһڴַҪʵģǸڴ浥Ԫ洢ֵ 


⼸ĴУESPΪջָĴ档ջһҪĸԡȳʽһ洢ڶջУεַSSĴСֻһڣֻһջָĴESPκʱָǰջ˵ܻĻǲףҾٸӰɣ֪񹤸Ƿɣ񹤣һ񹤣¼AҪשһ񹤣¼BAשAſڵϣֱBԶİשãBԶ󣬾ͻһשϣAúBȾֲȥǺȳһ̡ûףAԶǴϱ߿ʼשջĻַʼһߵַȻÿջ͵ַķд洢ӦջָPUSHÿջESP͸Ÿı䣬֮Զָһѹջݡ֮ҪѹջݣóջָȡӦָPOPPOPִָкESPӦλ 


رڵWin32ϵͳ棬ջøǲɺӣAPIõݣ*ջ͵ģȽҪ͵ѹջȻCALLAPIAPIںóջָӦݳջȻвԺͻ֪ҪˡȽϵһ㶼ڹؼCALLǰעѹջȻCALLڳջбȽϡԣֻҪҵؼCALLѹջָd鿴ע롣ݻںϸܣݲۡ 


⻹EBPΪַָĴǶջμĴSSȷջеĳһ洢ԪĵַESPָʾζƫƵַEBPΪջеһַԱʶջеϢESIԴַĴEDIĿıַĴһݶμĴDSãȷݶĳһ洢ԪĵַַĴԶԶĹܣԺܷڱַڴָУESIEDIΪԴַĿıַĴʱESIDSãEDI͸ӶESãֱﵽݶκ͸ӶѰַĿġĿǰʱײҪ 


ٽ绨ٴԼˣһרüĴǺǣûбŵרҵġ 


νרüĴһEIPһFLAGS 


˵EIP˵EIPмĴҪһˡ˼ָָĴŴеƫƵַڳеĹУʼָһָ׵ַμĴCSȷһַָһַ͵洢󣬿ȡһҪִеָһȡָ޸EIPݣʹʼָһָ׵ַɼEIPĴָе̵ִġ 


Щתָͨ޸EIPֵﵽӦĿĵġ 


ٽ˵һFLAGS־ĴֳPSW(program status word)״̬ĴһǴ־롢Ʊ־ϵͳ־ļĴ 


ʵǸҪ̫ȥ˽Ŀǰֻ֪ĹԭͳˣҾٸӰ: 


Cmp EAX,EBX  ;EAXEBX 


JNZ 00470395   ;ȵĻ; 


ָܼ򵥣EAXĴװȥEBXĴװȽǲȣCmpִָй󣬾ͻFLAGSZFzero flag־λӦֵΪ0ҲȵĻZF10OF־SFű־CFλ־AFλ־PFż־ȡ 


ЩĿǰûҪ˽ôӦתָˡ 


ҪܵľǶμĴˣղ˭˵ӣ죿ң 


ⲿּĴһֱCSΣDSݶΣESӶΣSSջΣFSԼGSǸӶΡ 


ʵڵWin32£μĴԾDOSʱҪˡ 


ԣ֪ˡ 


ô࣬CPUԾ˸ŵ˽˰ɡʲôʲôҲףǺǣҲҪģҵĴûнѣȥοһЩ鼮ʼվģ㰸ͷһǷǳǳбҪģ߶廪ġ80x86Գơ࣬46Ԫ 


ǽٽһһЩõĻָɡڿǵĿǰԾӦӣԣֻǴӻָУһЩãҪյģݣμ鱾 


CMP A,B ȽABABǼĴڴַҲͬʱĴͬڴַָ̫ˣȽϵָ 


MOV A,B Bֵ͸AУABǼĴڴַҲͬʱĴͬڴַ 


Xor a,aҪa 


LEAװַLEA DXstring ַĵַװDXĴ 


PUSH ѹջ 


POP ջ 


ADD ӷָ ʽ:ADD DSTSRC ִеĲ(DST)<-(SRC)+(DST) 


SUB ָ ʽ:SUB DSTSRC ִеĲ(DST)<-(DST)-(SRC) 


MUL ޷ų˷ָ ʽ: MUL SRC  ִеĲֽڲ(AX)<-(AL)*(SRC)ֲ(DX,AX)<-(AX)*(SRC)˫ֲ(EDX,EAX)<-(EAX)*(SRC) 


DIV ޷ųָ ʽ: DIV SRC  ִеĲ:ֽڲ16ǱAXУ8λΪԴ8λALУ8λAHСʾΪ 


(AL)<-(AX)/(SRC)̣(AH)<-(AX)/(SRC)ֲ:32λDX,AXСDXΪλ֣16λΪԴ16λAXУ16λDXСʾΪ(AX)<-(DX,AX)/(SRC)̣(DX)<-(DX,AX)/(SRC) 


˫ֲ:64λıEDX,EAXСEDXΪλ˫֣32λΪԴ32λEAXУ32λEDXСʾΪ: 


(EAX)<-(EDX,EAX)/(SRC)̣(EDX)<-(EDX,EAX)/(SRC) 


NOP ãĨȥӦ䣬Ļٺٺ١ 


CALLӳ԰߼еĹ⡣ 


תָ: 


JE JZ  


JNEJNZ  


JMP  


JB С 


JA  


JG  


JGE ڵ 


JL С 


JLE Сڵ 


ܵ˵ϼǱȽϳģҪգҪյľֹ⼸ָϣ˽˽һ£ӦĽ̳ 


ղˣٰתҲ: 


˵תΪʮƵ⣺ 


λӦȨ֮ͼΪöӦʮ: 


10100B = 2^4 + 2^2 = 20D 


11000B = 2^4 + 2^3 = 24D 


˵һʮתΪķ 


ķж٣Ҳֻ򵥵һ-: 


Ҫתʮֲϳ2ֱΪ0Ϊֹ 


:N=34D(˵һ£ĳЩֵĺ߿һĸĸʾƵģʮDB˽OʮH) 


  34/2=17     (a0=0) 


  17/2=8      (a1=1) 


  8/2=4       (a2=0) 


  4/2=2       (a3=0) 


  2/2=1       (a4=0) 


  1/2=0       (a5=1) 


N=34D=100010B 


ڱתʮСӦϳ2ֱ֣СΪ0Ϊֹ 


ʮʮ֮ת: 


ܵ˵ʮ֮תӦǺܼ򵥵ˣֻ֮Ӧֵתͳˡ 


ʮĻ1616룬0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,FAʾʮе10ơƺʮĹϵ: 


0H=0D=0000B,1H=1D=0001B,2H=2D=0010B,3H=3D=0011B,4H=4D=0100B,5H=5D=0101B,6H=6D=0110B,7H=7D=0111B,8H=8D=1000B,9H=9D=1001B,AH=10D=1010B,BH=11D=1011B,CH=12D=1100B,DH=13D=1101B,EH=14D=1110B,FH=15D=1111B 


ԣʮ֮ҪתĻֻҪɵ͵ÿλһֱʮʾͿ: 


:   1000      1010      0011       0101 


       8         A         3          5 


ʮתֻ轫ÿһλλʾͳ: 


:     A         B         1          0 


     1010      1011       0001       0000 


ʮʮ֮Ļת 


ʮתʮ 


λʮӦȨֵĳ˻֮ͼΪʮӦʮ 


:N=BF3CH 


   =11*16^3+15*16^2+3*16^1+12*16^0 


   =11*4096+15*256+3*16+12*1 


   =48956D 


ʮתʮ 


һֻ򵥵ĳ: 


Ҫתʮֲֵϳ16ֱΪ0Ϊֹ 


N=48956D 


   48956/16=3059       (a0=12) 


   3059/16=191         (a1=3) 


   191/16=11           (a2=15) 


   11/16=0             (a3=11) 


N=48956D=BF3CH 


ͨϵĽܣҲ֪㵽׿ûУеĻȥһ鱾ûĵطͽ˵ĵطϸؿ顣ûпô͸ҪȥˣҪΪɥʧѧϰġذǰ߶CPUܿ꣬ŪĴĸٰѺ߻ָ£Ϳ·ˡѧ汳Ļᷢʵûеôѡһڵʱ䣬ͿɴˣֻնѣԿˡҪѧõĻ߶Ҳһͬ˰ɣдһЩС֡Ȼ뾫ͨ࣬ǿɲһһµ£ֻҪкģʲô㲻ģCPUҲģָֻеһֶѣ˼CPU㻹ʹöѧ᣿ 




κFAQ 


Q:ǰѧ8086/8088ҲDOSд 


A:У8086/8088ڵCPUڻָ棬ҲûӶµָֻ˽һ¸Ĵı仯ԼһWindows֪ʶͳˡңȻûDOSдôDebugȵ϶Ѿˣơ 


Q:˵⣬Ϊʲôǲأ 


A:Ǻǣ񵹻в٣ǰѻõ൱ǣֻΪԭԲžĲֵģ˵ҲҾǣCALL͸Ǻǣ˲APIԶⲿָֻ֣ԼһЩļɾͳˡ 


Q:ûѧ̣ѧ 


A:ܵ˵ҲСϣѧϰʹ㶪ѧϰ߼Եġ 




 


Q:ĴôûʲôƣдʱЩʲôĿԷļĴô 


A:Ǻǣھش¥ѵ⡣ 


ĴʹûƣĴȷķֹ 


С  ݼĴEAX-EDXǶͨüĴУκݶɴڴˡǳ֮⣬ֿԶڸԵרĿġ 


磺 


EAXΪۼʹãҪĴڳ˳ָָŲڳ˷УALAXEAXװAXDX:AXEAXEDX:EAXװĻ 


EBXһڼ洢ַʱַĴ 


ECXֵλָװλѭʹָļ 


ʣĴеˣһʱǱȽϵ͵...ˣȥײǽˣʣEDXˣһ˫ֳʱDXAXһһ˫ֳ㻹ǵʲô˫ֳɣٸӣ˵һ01101000110101000100100111010001ҪĴͿ԰0110100011010100(ʮλ)DXУ0100100111010001(ʮλ)AXУʾΪDX:AXȻȫһEDXͰװ¡ԣEDX:EAXװһ64λݣƶϳɡ 


ESPEBPEDIESIϱ߶ԾŽܵĲˣﲻ˵ˡ 


ȻһЩƣΪֻҪĻ(˼д˵ģ϶᷸)ҪȥдԿԲաȤĻȥ鼮 


˵һһ⡰дʱЩʲôĿԷļĴô 仰ҲҪʵʲôǰһЩصˣͨǳڸ߼еģø߼дĻȫЩĴʲôģЩ߼ûʲôϵգ߼ҲǰдĳתΪԼĴڲ洢Ĳ

 
 
2005-5-4 16:59

bm500
#2

¡Windows 


һҶ֪дˣǺ~~ 


ϾWin32һǳµϵͳĿǰݲС˵ģҼȻҪдЩŽ׶εǿģֲдЩ񿴵ģԣҲ±˱ָ  µ־ͽСWindows򡷶ǡWindowsơԣֻǽһЩWindowsԭ: 


WindowsΪʲôWindowsùѶףһһĴڣֵҲһһڵĳ֣ʹʹһӼ˾޶ࡣǰӴԵһ֪DOSɣ֪Ļȥʼӽܹذİϸ磬  㻹ǵDOSǺںĴڰɣûĸǶڿʼ˵ҳDOSͨһϵеӦĲһĿ¼ɾһĿ¼ȵȵȵȡֹʽͽʾʽҲС 


ڹڲԵ˻ϰ˵ҪѧԣҪӢء˶ٽѧϰһЩѣҲԴDOSԭɡ 


Ӳ֧ԼϵߣȻΪʹԸķˣľνͼϵͳӴˣ㲻ټЩѵָˣҲϣҲߣ˵ϵͳչķݶϣѾˣȥЩһѱСǰɡ 


ȻDOS֮ʾһWindowsԺ͵һռŴ󲿷ֵûȺ 


⣺һһɮôϻ 


ת⣬Windows֮Ժã˲ñN⣬һԭΪṩ˴ı׼Windows GUIԶûԵͬһױ׼ĴڣЩڵĲһģʹòͬӦóʱѧϰDOSһװ³򣬾ҪϿ˵ 


Windows GUIֻ΢ṩ򿪷ԱAPIApplication Programming Interface Ӧñ̽ӿڣеһСֶԡWindows APIһ鹦ǿĺǱפ Windows йʱáЩĴ󲿷ֱڼ̬ӿ(DLL)УƩ磺kernel32.dll user32.dll  gdi32.dll Kernel32.dllеĺҪڴͽ̵ȣuser32.dllеĺҪû棻gdi32.dllеĺͼηĲȵȡ 


ܶ˵API㲻̫ôһµĻҾ͵һ㡣 


֪ûWindowsеһһôأǺǣVBDelphiûдĳеЩôγɵģǿؼɵġ...Ǻǣ㵱ѧVBDelphiʱһԿӻ̻һɣǲҲᵽVC++ôô㣿ôôΪɳĽѴʱ˵ȵȡ 


̨һ񹤣Сӣҳ鰡ˣ 


Ͽ˵ʵֻ㣬õWindowsµĳ򣬶ͨһһWindows APIִӦģûAPIĳʲôҲˡVBDelphiԼMFCҲ˵ҸûеʲôAPIʵЩAPIõĿԶӦתġ˵Delphi½һʲôҲöֱӰF9ǲǳһհ׵Ĵ壿Ǹ׼WindowsWindowsеһ󻯰ťСťرհťͨƶ 


VC++MASM32дһôַVC++УMFCֱӵAPIMASM32УֱֻӵAPIһַνֱӵAPIָеĲͨԭʼAPIɡֱͨӵAPIһҪעᴰ(ʹ Windows ԤĴ࣬ MessageBox  dialog box)ȻڣȻʾ(ʾ) Ȼˢ´ڿͻ 


鷳ɣҪټ²: 


1.ҪõӦóľ2.ʾͽ޵ĻȡϢѭ3. ϢɸôڵĴڻص4. ûرմڣ˳ 


˲裬ҪӦAPIɡ˵õľGetModuleHandleעᴰRegisterClassRegisterClassEx;ע󣬻ҪCreateWindowExӦڣShowWindowʾ֮󻹻UpdateWindow ¿ͻȵȵȵȡЩأֱͨӵAPIȥдһԴһĳĻᷢһô顣 


˵ЩֻAPIеһСССССССССС.֣żAPIгɰǧϵͳеĲûAPIĳʲôҲɲˡ˵ĳһEditؼVBӦýTextؼɣ뽫û뵽ϢŵһȥôDelphiпStr:=Edit1.textʵ֡VBӦStr=Text1.Text;APIҪõEditıݣҪGetDlgItemIntEditֵֵãGetDlgItemTextGetDlgItemTextAEditֵַã˵VBDelphiõ༭ݵķڱɿִļʱҲɱԶӦתֻҪһ¾ͺˣǾõĳʱ޿̶ڵϵͳеĸָAPI 


ʵWindowsеAPI൱ڵDOSϵͳеϵͳܵãж21ֻϺ͹ϣDOSϵͳܵġ 


㻹ǿףҲ㣬ҽĲԣǸƼţдɡơWindowsơ֮ģʱ֪֪ʶͲֹAPIˡ 


ʵ˵ƪ²ǽ̵ģԹWindowsԭûбҪ˵ô֮࣬Ը㽲API֪Windowsлơĵʱõ¶ϵʱʲôAPIˣʮַŭأ̨ȥPKǵʲôˣ 


ٴ̨ϣͷһ࣬дֻɴСͬ˿ڣܻЩصĵطûᵽӭָʲô׵ĵطӭʡֻҪ̫Ǹ˵ܰеAPIгһȥ𣿡  


ϼõAPIɡʱԾAPIиŵ˽ˡ 


MessageBox  ʾһϢԻ 


MessageBoxEx  ʾһϢԻ 


MessageBoxIndirect ʾһϢԻ 


жЩʾ˵עˣͿͨ⼸еһʾ 


GetDlgItemInt  ֵָ 


GetDlgItemText ַָ 


GetDlgItemTextA  ַָ 


õûע룩 


GetLocalTime õǰʱ 


GetSystemTime õǰϵͳʱ 


жǷڣ 


RegQueryvalueA ȡһֵ 


RegQueryvalueExA ȡһֵ 


RegSetvalueA ֵָ   


RegSetvalueExA ֵָ 


ע洢עϢĻô⼸Ҳã 


潲ģֻǼƽʱȽϳģμѩǰĽ̳̻WindowsԱֲᡣ 


ǻҪ¡ؽһ֪ܲAPIʲôֻҪùһ֪֡Բ֪εͳ˭һҪ֪Ȼ֪ͳǱ  ͬʱҲ֪˭ 


----ϴݣNG˵hmemcpy 


Ǹʲôģ 


һǳ򵥵ĺֻһǳǳ񣬾ǰݴһطƵһطӦóɺܼ򵥣ܵͼࣺ˭˵һǴ󲿷APIȴǳƵصԣҲܺƽʱ֪ܶôǶȴǳáĿǰ2KXp£ȴûˣ֮ӦһmemcpyĺȻͬǻѾǸ  ֪memcpyͶϲʲôԣôһʹĺֻ98ʹˡͳһٺʹҲֻʹ꣬ʹľͱ˵ˡ˵Ͱ߷  


Ҳ˵ʲôˣ֪APIʲôͳˡ 


ʲô׵ĵطʲô⣬һرĻڻظҰһĻüʾ϶  


<> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


--ع 


д֮ǰҿһ¿ѩĽ̡̳οһ£ɺȻ֣дһ£һǳ޴飬ΪҾĹЩߵʹý̡̳ѩ̳ѾдĹϸˣҲΪῴҲ˷ʱˣ¾ʹ˸ǳ 


ƼCrack Tutorial 2001Ƽѩ̳һġƼܣȫƼһ֮йصĽ̡̳ 


²ţ 


Ҫ·Ӧ¹ߣ 


SoftICEĿǰõĸٵԹߡʹõķֱʵĹϵûù 


Trw2000 ˽ϲpmodule磬ˣ 


W32Dasm8.93汾ļƷߡ 


Hiew Ultra EditʮƹߡʱʹãDOSʹHiewWindowsʹUltra EditWinHexHex WorkshopȣҸϲUltra Edit 


ļ͹ߣTYPgtwFileInfoȡһǱһ֡ǡˡ 


PROCDUMPNѿ 


EXESCOPEӵִļ(EXE, DLL)ĽʾܣȡԴⲿļ Դд룻¼ļļ¼ٱ༭(༭)ȹܡǺĳùߣȻƽʱҲá 


......źѧҲ٣ 


עϹߵʹ÷󶼿ڿѩеĽ̳ҵʲԸ֮ 


<> 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


--ƽԭ 


ӱ¿ʼһһѧϰCrack80%߻ȥҲʡ...20%ѰҸ˵Ķ  


ɲ˵һѧϰƽ׶Σ 


,޸ĳ,ultraeditȹ޸exeļ,Ʊƽ,Ʊ 


м,׷ע 


߼,дע 


˵ⱬơνƣָͨ޸ĿִļԴļﵽӦĿġ㲻ףǺǣٸӺˣ˵ĳȽûע룬ûģͨûעȵĻҲ˵ûעȷˣôͻעɹĵطȥĵطȥ 


׹˰ɣֻҪҵתָ޸ΪҪġ͡ǲǾͿΪΪˣĳ˫ַؿڣҪ  


޸ķ֣Ҹ˵ 


no.1 


ĳУע᣺ 


00451239 CALL 00405E02  (ؼCALLжûעǷȷ) 


0045123D JZ 004572E6   (!!!<--Ϊؼתûעȷɹ004572E6) 


0045XXXX YYYYYYYYYY 


XXXXXXXX YYYYYYYYYY 


XXXXXXXX YYYYYYYYYY 


XXXXXXXX ִе˴ʾûעʧ 


...ʾûע벻ȷϢ 


... 


004572E6 ...  <--(עɹ!!!) 


...ʾûעɹϢ 


ǺǣûеĻ㽲һ¡ִе00451239ʱCALL0045E02עжϡŻһת䣬ûעȷ004572E6˴עɹˡûע벻ȷĻôͲ0045123Dתһֱִȥģעʧܲ֡ 


𣿺ٺ...ûֻҪǸؼתJZΪJNZ(ûע󣬾עɹȷעʧ)ȻҲԽJNZ޸ΪJmpĻעȷ񡣶עɹ 


no.2 


һһ 


00451239 CALL 00405E02  (ؼCALLжûעǷȷ) 


0045123D JNZ 004572E6   (!!!<--Ϊؼתûע벻ȷʧܴ004572E6) 


0045XXXX YYYYYYYYYY 


XXXXXXXX YYYYYYYYYY 


XXXXXXXX YYYYYYYYYY 


XXXXXXXX ִе˴ʾûעɹ 


...ʾûעɹϢ 


... 


004572E6 ...  <--(עʧܴ!!!) 


...ʾûע벻ȷϢ 


ţŲɡһˡһǲ...... 


һһͬĵط˰ɡûһֲͬģǵһעȷעɹûߣͻִеʧܴһע벻ȷעʧִܴеעɹ 


޸ģ˰JNZΪJZ⣬ԽΪNopNopָûκ壬ָ޸ΪNop󣬱עעˡ 


ԭԾ㽲ˣһ¾޸İ취ɡҼԾ˵Ĺߵʹ÷ 


˵һַƫת⣬SoftICEW32Dasmʾĵֵַνڴַmemory offset֮ΪַVirual AddressVAʮƹ磺HiewHex Workshopʾĵַļַ֮ΪƫFile offset) ַ(RAW offset) 


ԵҪͨЩʮƹԿִļеӦָ޸ĵĻҪҵFile offsetûбҪȥʹЩרŵתߣW32Dasmоܣ˵W32Dasm0045123DW32Dasm·״̬оͻַָָƫƵַ@:0045123D @offset 0005063Dh 0005063DhӦƫƵַǵõõַ󣬱UltraEditʮƹԿִļ޸ˡʹUltraEditUltraEdit򿪸ÿִļȻCtrl+GõƫƵַͿӦĻ봦 
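The address a disassembler or debugger shows (the VA) and the position of the same byte in the file that a hex editor shows (the file/RAW offset) differ by the PE image base plus the gap between each section's RVA and its raw pointer. The following is an added Python example, not code from the original post or from W32Dasm/UltraEdit: it reads the PE section table and maps in both directions, which is also how an analyst locates a byte flagged by an integrity check in the disassembly. The header image is constructed inline (base 0x400000, .text at RVA 0x1000 backed by file data at 0x400, plus a .data section with more virtual than raw size); with that layout it reproduces the post's own pair 0045123D -> 0005063Dh.

```python
import struct

def _pe_layout(data: bytes):
    """Return (image_base, [(name, rva, vsize, raw_ptr, raw_size), ...]) of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: ImageBase is a DWORD at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:      # PE32+: ImageBase is a QWORD at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic")
    sections = []
    for i in range(num_sections):
        hdr = opt + size_opt + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, rva, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((name, rva, vsize, raw_ptr, raw_size))
    return image_base, sections

def va_to_file_offset(data: bytes, va: int):
    """Map a virtual address (as W32Dasm/SoftICE show it) to the file offset a
    hex editor uses.  Returns None when no file byte backs the address: outside
    every section, or in the zero-filled tail where VirtualSize > SizeOfRawData."""
    image_base, sections = _pe_layout(data)
    rva = va - image_base
    for _, sec_rva, vsize, raw_ptr, raw_size in sections:
        if sec_rva <= rva < sec_rva + max(vsize, raw_size):
            delta = rva - sec_rva
            return raw_ptr + delta if delta < raw_size else None
    return None

def file_offset_to_va(data: bytes, offset: int):
    """Reverse mapping: find where a file offset lands in the loaded image."""
    image_base, sections = _pe_layout(data)
    for _, sec_rva, _, raw_ptr, raw_size in sections:
        if raw_ptr <= offset < raw_ptr + raw_size:
            return image_base + sec_rva + (offset - raw_ptr)
    return None

def build_sample_image() -> bytes:
    """Constructed PE32 header only (no real code): base 0x400000, .text at RVA
    0x1000 with raw data at 0x400, .data with VirtualSize larger than raw size."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x60000, 0x1000, 0x60000, 0x400,
                       0, 0, 0, 0, 0x60000020)
    data = struct.pack("<8sIIIIIIHHI", b".data", 0x2000, 0x61000, 0x1000, 0x60400,
                       0, 0, 0, 0, 0xC0000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + data

if __name__ == "__main__":
    img = build_sample_image()
    print(hex(va_to_file_offset(img, 0x0045123D)))   # 0x5063d, the post's figure
```
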


ٸ㽲һ»룬νĻ롣㿴ЩʮˡǵָһһӦ 


⼸ǱʱҪõģȤв鿴ϣ 


JZ=74;JNZ=75;JMP=EB;Nop=90 


ƵʱֻҪϻӦ޸ľˣһʱ򣬿Խ74޸ΪEBJZ޸ΪJMPڶ轫75޸Ϊ90JNZ޸ΪNop 


ڱֻԭһġҵؼתȣһٽһשͷٺ٣αӵˣ 


ϱ߽˱ƵԭҪ׵ǡֻѧϰCrackĿʼǺܼ򵥵ֶΡŵʱϣ㲻Ҫʹ˲ǰ 


ٺ٣˵ˡ˼ҵвǶ˵׼޸ġ㶯˼ҵӣôܲأ   


żͲϲƣעҲҪҳע롣ҾͲȥעȻ벻ǮҪ*Լı¡ԺǮˣῼȥעЩĹ  ԣĳ˵һ˾   


ʵҪҵע벢һôѵ£ָԵ̫Ǹʱ  ¡ 


ղ˵ƵʱᵽؼCALLһ£ؼCALLǶע루һͨעʲôļȷע룬һĴע룩бȽϡǰᵽCALL֮ǰһõȷŵһطCALLȥʱٴЩطǰȡӦĴؼCALLҲCALL֮ǰһעŵջĳĴСٺ٣ֻҪڵУִеCALLδȥ֮ǰͨCALL֮ǰָж佫ȷĺͲȷעŵˡȻӦָв鿴ͳˣ˵ѵġ 


гɲοؽ̳̣ 


no.1 


mov  eax [      ]  ǵַҲĴ 


mov  edx [      ]  ͬϣָҲpop edx 


call 00??????   ؼcall 


test eax eax       


jz(jnz)jne(je)  ؼת 


˰ɣڹؼCALL֮ǰעֱeaxedxУֻҪCALLd eaxd edxܿȷעˡ 


no.2 


mov  eax [      ]  ǵַҲĴ 


mov  edx [      ]  ͬϣָҲpop edx 


call 00??????   ؼcall 


jne(je)         ؼת 


ΪЩ̫Ͳˡһµʱһ㽲ط... 


ڲעĲ֣͵ݣһ˵(˵ԾԽӵשͷˣﻹҪأ  ) 


˵νĸ߼׶ΣԼȰCrackôһ᰾׶εģֻʱ˶졣 


ʵ㷨кö༼ġǺǣҸտʼʱͷԣôCALLÿҪ׷һ飿öAPI׷˽ȥԼķһ㷨дעͻеĵˣһ˵磬㲻ǰɣ̫ܶ   


<>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



-- 


ʵܼ򵥣һ°ҵȫҪ׶ˡֻҪȵ򼸸׹ܣȻŵʾٵžOK(ѰɣǵĵźԶ)  


ƵԭҲ˵ˣ׾ˡǽ;彲һҵǸؼתԼβ򵽼ֺõ׹...  


һһֻҪٵļ裬ȿһ޼ӿǣеĻúι߼ӵĿǣ֪ԺӦĹ߽ѵֹѿǣοн̡̳ǾͿԶѹ֮ˡѡW32Dasmһϵֺܲ˵ĻW32DasmͿԸ㶨ˡϵĲֱȽϲ˵ģƱɣΪƱ罺ӣѰ...ŶһϵĲֺܲ˵Ļõɡ˵W32DasmW32Dasmзࣨϻ֮ڴʽοҵʾϢȷʾϢ˫ӦĵַW32DasmзӦ,ҳؼת͹ؼcallɫͣڹؼת,W32DasmڵײҵؼתƫƵַ(ʵ޸ĵַ)ultraeditҵƫƵַ(ʵ޸ĵַ)޸Ļ(һ׹),()õҲͬ򵥣Ȼϸ˵ 


ϻô࣬ʵ˵ɣ 


ȽW32Dasmб: 


ơлѹChinaZip 


汾7.0 


ļС1041KB 


ƽ̨Win9x/Me/NT/2000 


顿ChinaZipлѹһѹѹѹĵĹְ֧ZIPʽļڵĸֳѹʽ磺ARJCABGZIPJARLHATARZOOARCLZHPakȵȡ 


ĳǵԱ2001ĺ϶׹̣7.0ʱıĺǸĿǰ°Ӧúö... 


õģǿʼɣȵһðװϣҰNͷ֮Ҹַȥעһ£ῴһԻʾ"ע벻ȷ޷ע"FIһõʲôǡASPack 2.001casprѹǺW32DasmϰӻСʱʱзࡣԾϡ֮ڴʽοУַݲοҸղ㿴Ǹʾҵ֮˫Σֻһáǻ004F0E64ҰѾϣӴ±߿ʼ: 


:004F4DD1 E84EE1F3FF              call 00432F24 


:004F4DD6 8B55F0                  mov edx, dword ptr [ebp-10] 


:004F4DD9 8D4DF4                  lea ecx, dword ptr [ebp-0C] 


:004F4DDC 8BC3                    mov eax, ebx 


:004F4DDE E8C9010000              call 004F4FAC 


:004F4DE3 8B55F4                  mov edx, dword ptr [ebp-0C] 


:004F4DE6 58                      pop eax 


:004F4DE7 E830F3F0FF              call 0040411C 


:004F4DEC 7576                    jne 004F4E64                    <--Ǵ˵еˣStopǴ˵еĹؼת    


:004F4DEE B201                    mov dl, 01 


:004F4DF0 A158254500              mov eax, dword ptr [00452558] 




* Referenced by a (U)nconditional or (C)onditional Jump at Address: 


|:004F4D86(C) 


| 


:004F4DF5 E85ED8F5FF              call 00452658 


:004F4DFA 8945FC                  mov dword ptr [ebp-04], eax 


:004F4DFD 33C0                    xor eax, eax 


:004F4DFF 55                      push ebp 


:004F4E00 685D4E4F00              push 004F4E5D 



:004F4E05 64FF30                  push dword ptr fs:[eax] 



:004F4E08 648920                  mov dword ptr fs:[eax], esp 


:004F4E0B B101                    mov cl, 01 




* Possible StringData Ref from Code Obj ->"Software\XDZHAN\ChinaZip" 


                                 | 


:004F4E0D BAA84E4F00              mov edx, 004F4EA8 


:004F4E12 8B45FC                  mov eax, dword ptr [ebp-04] 


:004F4E15 E822DAF5FF              call 0045283C 




* Possible StringData Ref from Code Obj ->"Real Programmers Use Pascal!" 


                                 | 


:004F4E1A B9CC4E4F00              mov ecx, 004F4ECC 




* Possible StringData Ref from Code Obj ->"Key" 


                                 | 


:004F4E1F BAF44E4F00              mov edx, 004F4EF4 


:004F4E24 8B45FC                  mov eax, dword ptr [ebp-04] 


:004F4E27 E854DEF5FF              call 00452C80 




* Possible StringData Ref from Code Obj ->"עɹ,лл֧!"     <--Ͽ﷢עɹȷϢȷϢҵһתҪҵĹؼת 


                                 | 


:004F4E2C B8004F4F00              mov eax, 004F4F00 


:004F4E31 E8563DF6FF              call 00458B8C 


:004F4E36 A16C305000              mov eax, dword ptr [0050306C] 


:004F4E3B 8B00                    mov eax, dword ptr [eax] 




* Possible StringData Ref from Code Obj ->"лѹ(ChinaZip)-ע"   


                                 | 


:004F4E3D BA244F4F00              mov edx, 004F4F24 


:004F4E42 E80DE1F3FF              call 00432F54 


:004F4E47 33C0                    xor eax, eax 


:004F4E49 5A                      pop edx 


:004F4E4A 59                      pop ecx 


:004F4E4B 59                      pop ecx 



:004F4E4C 648910                  mov dword ptr fs:[eax], edx 



:004F4E4F 686E4E4F00              push 004F4E6E 




* Referenced by a (U)nconditional or (C)onditional Jump at Address: 


|:004F4E62(U) 


| 


:004F4E54 8B45FC                  mov eax, dword ptr [ebp-04] 


:004F4E57 E868E2F0FF              call 004030C4 



:004F4E5C C3                      ret 







:004F4E5D E9C2E9F0FF              jmp 00403824 



:004F4E62 EBF0                    jmp 004F4E54 





* Referenced by a (U)nconditional or (C)onditional Jump at Address: 


|:004F4DEC(C) 


| 




* Possible StringData Ref from Code Obj ->"ע벻ȷ,޷ע!"  <--ǳϢˣȷϢҲڸ¿     


                                 | 


:004F4E64 B8484F4F00              mov eax, 004F4F48                         <--˫ 


:004F4E69 E81E3DF6FF              call 00458B8C 


:004F4E6E 33C0                    xor eax, eax 


:004F4E70 5A                      pop edx 


:004F4E71 59                      pop ecx 



:004F4E72 59                      pop ecx 



:004F4E73 648910                  mov dword ptr fs:[eax], edx 



:004F4E76 689B4E4F00              push 004F4E9B 



е㲻ףΪʲô˵ǹؼתأǵƽԭҾٵ 


ٸ㽲һˣͨǻֹؼתҷֱ˵: 


(1) 


je (jne,jz,jnz) 19870219 


........  XXXXXXXXXX 


........  XXXXXXXXXX 


........  עȷϢ 


... 


... 


19870219 ĳϢ 


....... 


....... 


Ҳ˵һжעǷȷȷ19870219ȷĻͲתһֱִȥֱעȷ 


ҪҵĹؼתȷϢĵһתǿܶӦ޸ĻnopOKˡ 


(2) 


je (jne,jz,jnz) 19870219 


........  XXXXXXXXXX 


........  XXXXXXXXXX 


........  ĳϢ 


... 


... 


19870219 עȷϢ 


....... 


....... 


ڶжעȷȷ19870219ȷĻͲתһֱִȥֱ 


ҪҵĹؼתǳϢĵһתӦ޸ĻΪjmpǾͿΪΪ  


ǺǣҲ㽲ˣһ԰ɡW32Dasmѡйؼת½ǵ״̬пӦƫƵַΪ000F41ECõģUltraEditCtrl+G0xF41ECسӦλáӦĻ75(jne)ǽΪ74(jz)˳ 


ˣһ¿һעעһԡǺǣעɹ 


W32DasmǾͽǺǣܼ򵥵ģȥ֮ԼЩ򵥵ְɡ 


ǽõбơ 


ͼW32DasmȥƼĻò˶ʱͻᷢһЩ⡣˵еW32DasmʽοͲáߴʽοûгȷϢоеͨʽοӦĵطȥҹؼתͻᷢǰĶеҪҵĶ...ȻпͨϸңԻҵҲΪһ顣ϾһЩֻڳִڼܿġõģW32DasmҲؼתȥõɣõǰW32Dasmһ鿴ȣ׾ҵˡǾûҪˣ 


ڿʼ֮ǰбҪһõƵĲ裨֪һõ  ȣǵȻҪҪCrackװϣҵҵҵҪҶ!ȻעĵطԾһŲҪȷǰѵгȡǵǰ㽲APIҪõע룬һĳAPIﵽĿġǾڵӦAPIϵ㣬ĻֻҪһгAPIͻᱻ 


GetDlgItemIntGetDlgItemTextGetDlgItemTextAܻáõ98Ϊʲôhmemcpyأһ⡣ϵͷصҪעǸУȷİť˵ղµĶϵãûбͻϵԡڵȡղµǸϵ㣬TRW2000ΪSoftICEͬȡϵbc *ָȻǾpmoduleָصգSoftICEûӦָǺǣF12ɣǰѻһ£ʲôأٸӰɣĳҪõǸע룬ͻȥӦĺGetDlgItemTextAGetDlgItemTextAֻȥHmemcpyЩǴϵͳеĳDLLļеġôӦAPIĻվͻתӦDLLļȥִAPIˣǰҲ˵ˣHmemcpyӦóֱӵãAPIáôͿΪĳһAPIõͬʱջתAPIڵDLLļAPIֵHmemcpyôʱվͻתHmemcpyڵDLLļУ֮Hmemcpyִϣͻ᷵صAPIȥAPIִϵĺͻ᷵صӦóȥ˵Hmemcpyϵ㣬ע밴ȷ󣬳ͻȥĳAPIõЩݣ⡰ĳAPIֻȥHmemcpyԳͱϵˡȻʱҲͲӦóˣǵpmoduleָ֮ǾͿԷصӦóȥˡĻ㿴ľӦóĴˣAPIģˣҽŸղŵ˵ĶţǷصȥһֱF12ɣF12һֱִгֱretָҲһһִг^_^һֱF12ֱעԻȻ¸ղ㰴ĴŴͷһΰF12ĴղŰĴ-1Ҳ˵һҪٰһΡ󰴼F12F10ôûF4?һ·񰴣ֱʾμ㰴F10Ĵõģٴͷһ飬ٴΰF10ʱҪһһһ㰴F10ĴϴΰĴʱһͻῴһCALLһתָһһתָ֮᲻ߣˣһ㲻ٹӦóˡȻҲпûߣͳˡӦò⣬Ϊǰ߸ܹһȻһһ·F10ָᷢûʲôתָǺǣ£ܳġֻҪF10Ĵ任ΪϴΰF10Ĵ-1ĻһͻͣһCALLCALLǳеĹؼCALL֮ҪԵ࣬ҪF8׷ȥעĳɹʧܣCALLУҲ˵Ҫ޸ĵĹؼתҲCALLСǺǣʵҲܺģǰϱ˵ЩжʲôطŵһCALL档ǰF8׷ȥ֮ԾɰF10һһִУ˶೤ʱͻֹᷢؼתˣҹؼתķǰ˵һF10Ĵһβʱͻῴˡ 


ӦףǺĶûô๫ʽĶߣŵķӣһжҪ*Լȥգ˸㽲ҲֻǽһķԣԺߣؾӦˡ 


ڣõCHINAZIPзϣܹѵķ 


ȣҪѸղűƹ˵ٸĻֱװһ顣֮Ǵע룬ŰCtrl+NTRW¶ϵhmemcpy¹F5˳ǲF4Ҳû취^_^Ȼǵȷõģ򱻶: 


KERNEL?HMEMCPY 


0147:9e62  push     bp 


0147:9e63  mov      bp,sp 


0147:9e65  push     ds 


0147:9e66  push     edi 


0147:9e68  push     esi 



0147:9e6a  cld 



0147:9e6b  mov      ecx,[bp+06] 



0147:9e6f  jcxz     9ee9 


Nʡԡ 


bc *ȡϵ㣬Ȼpmoduleص: 


0167:00436d13  mov      [ebx+0c],eax 


0167:00436d16  mov      eax,[ebx] 


0167:00436d18  cmp      eax,byte +0c 


0167:00436d1b  jnz      00436d38 


0167:00436d1d  mov      edx,[ebx+08] 


0167:00436d20  push     edx 


0167:00436d21  mov      ecx,[ebx+04] 


0167:00436d24  mov      edx,eax 


0167:00436d26  mov      eax,esi 


0167:00436d28  call     00432b24 


NԾʡԡ 


7F121F100167:004f4dc4ǽһһF10Ű10£ͿԿ004f4decһתִе004f4decȻˡ004f4e64ȥ֮󰴲£ʾˡǺǣ׹˰ɣ004f4decǸתjnz 004f4e64ǹؼתٺ٣ҵ֮˵˰  


0167:004f4dc4  mov      eax,[ebp-08]       


0167:004f4dc7  push     eax               


0167:004f4dc8  lea      edx,[ebp-10] 


0167:004f4dcb  mov      eax,[ebx+02e0] 


0167:004f4dd1  call     00432f24           


0167:004f4dd6  mov      edx,[ebp-10]       


0167:004f4dd9  lea      ecx,[ebp-0c] 


0167:004f4ddc  mov      eax,ebx 


0167:004f4dde  call     004f4fac         


0167:004f4de3  mov      edx,[ebp-0c]     


0167:004f4de6  pop      eax               


0167:004f4de7  call     0040411c           


0167:004f4dec  jnz      004f4e64                    <--ؼת           


0167:004f4dee  mov      dl,01 


0167:004f4df0  mov      eax,[00452558] 


0167:004f4df5  call     00452658 


0167:004f4dfa  mov      [ebp-04],eax 


0167:004f4dfd  xor      eax,eax 


0167:004f4dff  push     ebp 


0167:004f4e00  push     dword 004f4e5d 


0167:004f4e05  push     dword [fs:eax] 


0167:004f4e08  mov      [fs:eax],esp 


0167:004f4e0b  mov      cl,01 



0167:004f4e0d  mov      edx,004f4ea8 



0167:004f4e12  mov      eax,[ebp-04] 



0167:004f4e15  call     0045283c 


0167:004f4e1a  mov      ecx,004f4ecc 


0167:004f4e1f  mov      edx,004f4ef4 


0167:004f4e24  mov      eax,[ebp-04] 


0167:004f4e27  call     00452c80 


0167:004f4e2c  mov      eax,004f4f00 


0167:004f4e31  call     00458b8c 


0167:004f4e36  mov      eax,[0050306c] 


0167:004f4e3b  mov      eax,[eax] 


0167:004f4e3d  mov      edx,004f4f24 


0167:004f4e42  call     00432f54 


0167:004f4e47  xor      eax,eax 


0167:004f4e49  pop      edx 



0167:004f4e4a  pop      ecx 



0167:004f4e4b  pop      ecx 



0167:004f4e4c  mov      [fs:eax],edx 



0167:004f4e4f  push     dword 004f4e6e 



0167:004f4e54  mov      eax,[ebp-04] 



0167:004f4e57  call     004030c4 



0167:004f4e5c  ret     



0167:004f4e5d  jmp      00403824 



0167:004f4e62  jmp      short 004f4e54 



0167:004f4e64  mov      eax,004f4f48      <---0167:004f4dec!; 



0167:004f4e69  call     00458b8c 



0167:004f4e6e  xor      eax,eax 



һӣ 


ơǽ 


汾2.46 Beta 


ļС1289KB 


ƽ̨Win9x/Me/NT/2000 


顿ǽ˰һ׸˵ʹõ簲ȫ԰ֵֺ͹ֹϢй¶ǵվϣݿɵĹϢҵߡͬʱǽ˰ΪͻԲͬϢòͬİȫʺڲûҲʺͨ繲û 


ԾҴӵԱ2001϶׹ҵģעԵվѻ... 


ǻҪȰװϣĳ񹤣СӸ˵һϻԣ^_^֮FIһûмӿǣǺǣBC++룬ûмӿǣˬעԻʲô˵ֳ˼µӰʲôֵȵ...  


õģǽTRW2000Ⱥַһ롰Ӣ۵ĵǣڶ롰Աɽ 


ͰCtrl+NTRW2Kгbpx hmemcpy֮F5˳ 


ſ԰ȷͳˣᱻTRW2Kϵǽbc *Լpmodule 


ԿʼF12ˣһ8³ͻᱨǵڶξͰ7ȻʼF1070F10ֱˣǺǣһҪŶ 


õģҰѷĴ 


0167:0041c617  lea      edx,[ebp-04]                              <--7F12һF10 


0167:0041c61a  mov      ecx,[0052ae7c] 


0167:0041c620  mov      eax,[ecx] 


0167:0041c622  mov      eax,[eax+0318] 


0167:0041c628  add      eax,byte +2c 


0167:0041c62b  call     00517740 


0167:0041c630  dec      dword [ebp-20] 


0167:0041c633  lea      eax,[ebp-04] 


0167:0041c636  mov      edx,02 


0167:0041c63b  call     00517710 


0167:0041c640  mov      word [ebp-2c],14 


0167:0041c646  lea      eax,[ebp-08] 


0167:0041c649  call     00401d60 


0167:0041c64e  mov      edx,eax 


0167:0041c650  inc      dword [ebp-20] 


0167:0041c653  mov      ecx,[ebp-40] 


0167:0041c656  mov      eax,[ecx+02e0] 



0167:0041c65c  call     004b9f14 


0167:0041c661  lea      edx,[ebp-08] 


0167:0041c664  mov      ecx,[0052ae7c] 


0167:0041c66a  mov      eax,[ecx] 


0167:0041c66c  mov      eax,[eax+0318] 


0167:0041c672  add      eax,byte +30 


0167:0041c675  call     00517740 


0167:0041c67a  dec      dword [ebp-20] 


0167:0041c67d  lea      eax,[ebp-08] 


0167:0041c680  mov      edx,02 


0167:0041c685  call     00517710 


0167:0041c68a  lea      eax,[ebp-10] 


0167:0041c68d  call     00401d60 


0167:0041c692  mov      edx,eax 


0167:0041c694  inc      dword [ebp-20] 


0167:0041c697  mov      ecx,[ebp-40] 


0167:0041c69a  mov      eax,[ecx+02e0] 


0167:0041c6a0  call     004b9f14 


0167:0041c6a5  lea      edx,[ebp-10] 


0167:0041c6a8  push     dword [edx] 


0167:0041c6aa  mov      word [ebp-2c],20 


0167:0041c6b0  lea      eax,[ebp-0c] 


0167:0041c6b3  call     00401d60 


0167:0041c6b8  mov      edx,eax 


0167:0041c6ba  inc      dword [ebp-20] 


0167:0041c6bd  mov      ecx,[ebp-40] 


0167:0041c6c0  mov      eax,[ecx+02d4] 


0167:0041c6c6  call     004b9f14 


0167:0041c6cb  lea      edx,[ebp-0c] 


0167:0041c6ce  mov      edx,[edx] 


0167:0041c6d0  mov      eax,[0052ae7c] 


0167:0041c6d5  mov      eax,[eax] 


0167:0041c6d7  pop      ecx 


0167:0041c6d8  call     0040525c 


0167:0041c6dd  mov      [ebp-45],al 


0167:0041c6e0  dec      dword [ebp-20] 



0167:0041c6e3  lea      eax,[ebp-10] 



0167:0041c6e6  mov      edx,02 


0167:0041c6eb  call     00517710 


0167:0041c6f0  dec      dword [ebp-20] 


0167:0041c6f3  lea      eax,[ebp-0c] 


0167:0041c6f6  mov      edx,02 


0167:0041c6fb  call     00517710 


0167:0041c700  cmp      byte [ebp-45],00 


0167:0041c704  jz       0041c750                       <--60F10﷢һתٺ٣ˣ 


0167:0041c706  mov      ecx,[0052ae7c] 


0167:0041c70c  mov      eax,[ecx] 


0167:0041c70e  mov      eax,[eax+0318] 


0167:0041c714  call     00411fd0 


0167:0041c719  mov      word [ebp-2c],2c 


0167:0041c71f  mov      edx,00521b50 


0167:0041c724  lea      eax,[ebp-14] 


0167:0041c727  call     005175b0 


0167:0041c72c  inc      dword [ebp-20] 


0167:0041c72f  mov      eax,[eax] 


0167:0041c731  call     004b41b0 


0167:0041c736  dec      dword [ebp-20] 


0167:0041c739  lea      eax,[ebp-14] 


0167:0041c73c  mov      edx,02 


0167:0041c741  call     00517710 


0167:0041c746  mov      eax,[ebp-40] 


0167:0041c749  call     004a81d0 


0167:0041c74e  jmp      short 0041c77d 


0167:0041c750  mov      word [ebp-2c],38 


0167:0041c756  mov      edx,00521b6b 


0167:0041c75b  lea      eax,[ebp-18] 


0167:0041c75e  call     005175b0 


0167:0041c763  inc      dword [ebp-20] 


ҵ˹ؼת֮ͱˣǺǣ׹ܰɣW32DasmļȻShift+F12֮0041c704Ϳ½ǿӦƫƵַˣ 


СɣTRWУĳǹؼתĻr fl zָвԣָʹԳȡ˵JZ XXXXXXXXˣr fl zָָͲˣͲˡҲǣ0041c704r fl zǺǣִмǲǳɹˣоֻﵽעĿģҸֻעʱ֤һεĻͿԴ׹ˣ  


ǺǣҪ˵һ䣬ֻһЩСʱ漸ξ͹ˣĪʹ˲ǰ... 


󻰣ͻ֣ᷢһЩʵûô򵥣ҵĹؼתҲҪıǶදֶϰͻ׹ġҽ֮ԸӣΪȽϼ򵥣˵ص㣬㽲ЩȽǸıƣ㿴һͷˮ...  


<> 
 
 
